tequilaOS/platform_system_sepolicy
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Explicitly label logd's dependencies in /proc.

Browse source 
labeled /proc/kmsg as proc_kmsg, changed logd's access from proc to
proc_kmsg, and added a compat mapping.

Bug: 65643247
Test: device boots without selinux denials to the newly introduced proc_kmsg
Test: logd-unit-tests passes

Merged-In: I92c9f5694289eb6a94c4d90f14e2de4d46b5228e
Change-Id: I92c9f5694289eb6a94c4d90f14e2de4d46b5228e
(partial CP of commit 528da6fe3a)
This commit is contained in:
Tri Vo 2017-09-13 14:34:56 -07:00
parent 21fc9ab8dd
commit 87ed5e8dbf
3 changed files with 3 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
private/genfs_contexts
View file

@ -5,6 +5,7 @@ genfscon proc / u:object_r:proc:s0
genfscon proc /config.gz u:object_r:config_gz:s0
genfscon proc /interrupts u:object_r:proc_interrupts:s0
genfscon proc /iomem u:object_r:proc_iomem:s0
genfscon proc /kmsg u:object_r:proc_kmsg:s0
genfscon proc /meminfo u:object_r:proc_meminfo:s0
genfscon proc /misc u:object_r:proc_misc:s0
genfscon proc /modules u:object_r:proc_modules:s0

1
public/file.te
View file

@ -15,6 +15,7 @@ type proc_bluetooth_writable, fs_type;
type proc_cpuinfo, fs_type;
type proc_interrupts, fs_type;
type proc_iomem, fs_type;
type proc_kmsg, fs_type;
type proc_meminfo, fs_type;
type proc_misc, fs_type;
type proc_modules, fs_type;

2
public/logd.te
View file

@ -4,7 +4,7 @@ type logd_exec, exec_type, file_type;
# Read access to pseudo filesystems.
r_dir_file(logd, cgroup)
r_dir_file(logd, proc)
r_dir_file(logd, proc_kmsg)
r_dir_file(logd, proc_meminfo)
r_dir_file(logd, proc_net)